Securing the Car: How Intrusive Manufacturer-Supplier Approaches Can Reduce Cybersecurity Vulnerabilities

Abstract

Today's vehicles depend on numerous complex software systems, some of which have been developed by suppliers and must be integrated using ``glue code{''} so that they may function together. However, this method of integration often introduces cybersecurity vulnerabilities at the interfaces between electronic systems. In this article we address the ``glue code problem{''} by drawing insights from research on supplier-manufacturer outsourcing relationships in the automotive industry. The glue code problem can be framed as a knowledge coordination problem between manufactures and suppliers. Car manufacturers often employ different levels of intrusiveness in the design of car subsystems by their suppliers: the more control over the supplier the manufacturer exerts in the design of the subsystem, the more intrusive the manufacturer is. We argue that high intrusiveness by car manufacturers in defining module interfaces and subcomponents for suppliers would lead to more secure cars.